From 728b6e732693dbaac4b46e1090578c655c557a5a Mon Sep 17 00:00:00 2001
From: Michael Vittrup Larsen <mvl.gh@network42.dk>
Date: Thu, 23 May 2024 14:36:49 +0200
Subject: [PATCH] feat(argo-cd): Make redis secret initialization optional
 (#2713)

* Make redis secret initialization optional

Signed-off-by: michaelvl <mvl.gh@network42.dk>

* Remove artifacthub.io/changes from previous change

Signed-off-by: michaelvl <mvl.gh@network42.dk>

---------

Signed-off-by: michaelvl <mvl.gh@network42.dk>
---
 charts/argo-cd/Chart.yaml                                     | 4 ++--
 charts/argo-cd/README.md                                      | 1 +
 charts/argo-cd/templates/redis-secret-init/job.yaml           | 2 +-
 charts/argo-cd/templates/redis-secret-init/role.yaml          | 2 +-
 charts/argo-cd/templates/redis-secret-init/rolebinding.yaml   | 2 +-
 .../argo-cd/templates/redis-secret-init/serviceaccount.yaml   | 2 +-
 charts/argo-cd/values.yaml                                    | 2 ++
 7 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml
index ccd8c0c4..9c085f53 100644
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: v2.11.1
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 6.10.2
+version: 6.11.0
 home: https://github.com/argoproj/argo-helm
 icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png
 sources:
@@ -27,4 +27,4 @@ annotations:
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
     - kind: added
-      description: Added priorityClassName for the redis secret init job
+      description: Made Redis secret initialization optional with default enabled
diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md
index fcfcd27f..b390056f 100644
--- a/charts/argo-cd/README.md
+++ b/charts/argo-cd/README.md
@@ -1359,6 +1359,7 @@ If you use an External Redis (See Option 3 above), this Job is not deployed.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | redisSecretInit.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context |
+| redisSecretInit.enabled | bool | `true` | Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods |
 | redisSecretInit.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Redis secret-init Job |
 | redisSecretInit.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Redis secret-init Job |
 | redisSecretInit.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Redis secret-init Job |
diff --git a/charts/argo-cd/templates/redis-secret-init/job.yaml b/charts/argo-cd/templates/redis-secret-init/job.yaml
index 0e3baf0a..27837465 100644
--- a/charts/argo-cd/templates/redis-secret-init/job.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/job.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.externalRedis.host }}
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
 apiVersion: batch/v1
 kind: Job
 metadata:
diff --git a/charts/argo-cd/templates/redis-secret-init/role.yaml b/charts/argo-cd/templates/redis-secret-init/role.yaml
index 52bdf0a3..ac5fd313 100644
--- a/charts/argo-cd/templates/redis-secret-init/role.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/role.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.externalRedis.host }}
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
diff --git a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
index 536c847d..7ea1de96 100644
--- a/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/rolebinding.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.externalRedis.host }}
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
diff --git a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
index 0dc9979a..d6b95f13 100644
--- a/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
+++ b/charts/argo-cd/templates/redis-secret-init/serviceaccount.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.externalRedis.host }}
+{{- if and .Values.redisSecretInit.enabled (not .Values.externalRedis.host) }}
 apiVersion: v1
 kind: ServiceAccount
 automountServiceAccountToken: {{ .Values.redisSecretInit.serviceAccount.automountServiceAccountToken }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 6d193720..f9ee4674 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -1601,6 +1601,8 @@ externalRedis:
   secretAnnotations: {}
 
 redisSecretInit:
+  # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods
+  enabled: true
   # -- Redis secret-init name
   name: redis-secret-init